Segfault in the 2.0.0 installer

Pierre Riteau pierre.riteau at gmail.com
Sat Jul 26 14:04:22 PDT 2008


On Tue, Jul 22, 2008 at 10:23:09AM -0700, Matthew Dillon wrote:
> :Pierre Riteau wrote:
> :> Hi,
> :> I was installing DragonFlyBSD 2.0.0 to try out HAMMER and the installer
> :> segfaulted.
> :> Can anyone reproduce it?
> :> Launch the installer, go to "Configure an Installer System", select the
> :> system then choose "Select timezone", answer YES to the question about
> :> UTC and then select Europe: the installer freezes and I get on the other
> :> tty "pid 1724 (dfuife_curses), uid 0: exited on signal 11 (core dumped)".
> :> 
> :> I could debug it but I would need to finish the install and get the
> :> source tree first, so if anyone wants to take a look at it, that would
> :> be great.
> :
> :Try this: Login as "root" and then type "installer". IIRC, I had a
> :similar problem (at least once). Nevertheless, the bug should be fixed.
> :
> :Regards,
> :
> :   Michael
> 
>     Very odd.  It seems to work fine when I try it (by logging in as
>     'installer').
> 
>     Maybe there's a memory corruption issue in the installer and the
>     problem is due to some prior action.  When you select 'Europe'
>     it does have to allocate a fairly large list to generate the next
>     menu.
> 
> 					-Matt
> 					Matthew Dillon 
> 					<dillon at backplane.com>

OK, I tracked it down to an off-by-one that was probably corrupting
malloc internals.

A quick grep through the code found the same issue in other files
(looks like copy and paste).

Diff inline below.

Pierre Riteau

Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c
===================================================================
RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 conn_caps.c
--- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c	12 Mar 2008 22:15:54 -0000	1.1.1.1
+++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_caps.c	26 Jul 2008 18:50:59 -0000
@@ -285,7 +285,7 @@ dfui_caps_fe_ll_request(struct dfui_conn
 	 * Construct a message.
 	 */
 
-	fmsg = aura_malloc(strlen(msg) + 1, "exchange message");
+	fmsg = aura_malloc(strlen(msg) + 2, "exchange message");
 	fmsg[0] = msgtype;
 	strcpy(fmsg + 1, msg);
 	dfui_debug("SEND<<%s>>\n", fmsg);
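Review bot: the new size is right, since the buffer holds one byte for msgtype plus strlen(msg) + 1 bytes for the string and its terminator that strcpy writes at fmsg + 1, but the "+ 2" is a magic number that invites exactly the copy-and-paste slip this patch fixes. Consider computing the length once and letting the allocation and the copy share it, e.g. `len = strlen(msg); fmsg = aura_malloc(len + 2, "exchange message"); memcpy(fmsg + 1, msg, len + 1);`, so the size relationship is visible at the call site. The one-byte heap overflow in the old code also explains why the crash only surfaced later in an unrelated allocation (the large timezone menu): the extra terminator lands in allocator metadata, not in anything this function touches.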
Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c
===================================================================
RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 conn_npipe.c
--- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c	12 Mar 2008 22:15:54 -0000	1.1.1.1
+++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_npipe.c	26 Jul 2008 18:49:00 -0000
@@ -340,7 +340,7 @@ dfui_npipe_fe_ll_request(struct dfui_con
 	 * Construct a message.
 	 */
 
-	fmsg = malloc(strlen(msg) + 1);
+	fmsg = malloc(strlen(msg) + 2);
 	fmsg[0] = msgtype;
 	strcpy(fmsg + 1, msg);
 
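Review bot: same correct fix as in conn_caps.c, but this backend calls plain malloc() and dereferences the result on the next line (`fmsg[0] = msgtype;`) without checking for NULL, so an allocation failure becomes a NULL write rather than a reported error. Either add a check here or route this path through the same aura_malloc wrapper the caps backend uses, so all three connection types fail the same way.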
Index: contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c
===================================================================
RCS file: /home/dcvs/src/contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 conn_tcp.c
--- contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c	12 Mar 2008 22:15:54 -0000	1.1.1.1
+++ contrib/bsdinstaller-1.1.6/src/lib/libdfui/conn_tcp.c	26 Jul 2008 17:11:57 -0000
@@ -394,7 +394,7 @@ dfui_tcp_fe_ll_request(struct dfui_conne
 	 * Construct a message.
 	 */
 
-	fmsg = malloc(strlen(msg) + 1);
+	fmsg = malloc(strlen(msg) + 2);
 	fmsg[0] = msgtype;
 	strcpy(fmsg + 1, msg);
 	dfui_debug("SEND<<%s>>\n", fmsg);
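Review bot: this is the third identical copy of the msgtype-plus-message construction (conn_caps.c, conn_npipe.c, conn_tcp.c), and as the submitter notes the bug was duplicated by copy and paste; with the same unchecked malloc() as in conn_npipe.c. Rather than patching the "+ 1" in three places, factor the framing into one shared helper that takes msgtype and msg and returns the allocated buffer, so a future change to the wire format (or to the size arithmetic) is made once and the NULL check lives in one place.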